2021/07/27 18:06 (UTC) 1/8 Making Slackware Mail Server Making Slackware Mail Server

This article shows how to make an Slackware machine your personal Mail Server. This howto is for Slackware 64 13.37, but with few changes you can adapt it to the newest member of Slackware familly Slackware 14.

Before we begin I must say that you need a normal installation of Slackware, without any special packages. The packages we will need to make the Mail Server we will manually download and install from Slackbuilds.org. I preffer the Cyrus SASL authentication method and Cyrus IMAP for remote login, insted of other alternatives like qpopper or dovecot.

Let's get started then , we will need to install Cyrus-SASL, Postfix, Cyurs-IMAP and then configure them all to use Certificates for encrypting the mail packages that traverse the Internet.

Installing Cyrus-SASL

# cd /tmp # mkdir cyrus-sasl # cd cyrus-sasl # wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/ cyrus-sasl-2.1.23.tar.xz # wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/ cyrus-sasl.SlackBuild # wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/ doinst.sh.gz # wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/ rc.saslauthd.gz # wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/source/n/cyrus-sasl/ slack-desc

# joe cyrus-sasl.SlackBuild and add the following lines after “–disable static”

--enable-plain \ --disable-digest \

# sh cyrus-sasl.SlackBuild # installpkg /tmp/cyrus-sasl-2.1.23-x86_64-1.txz

SlackDocs - https://docs.slackware.com/ Last update: 2019/02/16 16:44 howtos:network_services:postfix_with_cyrus https://docs.slackware.com/howtos:network_services:postfix_with_cyrus (UTC) Installing Postfix

# cd /tmp # mkdir postfix # cd postfix # wget http://postfix.cs.utah.edu/source/official/postfix-2.8.3.tar.gz # wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/README # wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/doinst.sh # wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/postfix.SlackBuild # wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/postfix.info # wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/rc.postfix # wget http://slackbuilds.org/slackbuilds/13.37/network/postfix/slack-desc

# joe postfix.Slackbuild

Edit the following line and replace “dovecot” with “cyrus” like this

SASL=${SASL:-cyrus}

In order to begin Postfix installation you will need to create postfix user and group (also keep in mind that we need to add user postfix and user cyrus to the same group, mail group that is).

# groupadd -g 200 postfix # useradd -u 200 -d /dev/null -s /bin/false -g postfix postfix -G mail # groupadd -g 201 postdrop # sh postfix.SlackBuild # installpkg /tmp/postfix-2.8.3-x86_64-1_SBo.tgz

Before we continue with installation of IMAP server we need to assure that Postfix is working and we can authenticate with sasl. Let's make some basic Postfix configuration and some basic SASL configuration. I will be explaining plain auth because later on we will use it togheter with SASL to authenticate.

First of all we need to make our aliases and tell Postfix to use aliases maps from /etc/postfix/aliases, so :

# joe /etc/postfix/main.cf

Edit these lines and make them look like this :

alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases

Now let's add a user to the Slackware machine, a user who will also can read and send mail.

# adduser

https://docs.slackware.com/ Printed on 2021/07/27 18:06 (UTC) 2021/07/27 18:06 (UTC) 3/8 Making Slackware Mail Server

Login name for new user []: slackware_user User ID ('UID') [ defaults to next available ]: press ENTER Initial group [ users ]: 200 Home directory [ /home/xxxxxx ]: press ENTER Shell [ /bin/bash ]: /bin/false Do you wish to change the sheel? (Y/n): n Expiry date (YYYY-MM-DD) []: press ENTER Press ENTER and imput full name and other account relates stuff. Also specify an password for your newly created user.

Now edit /etc/postfix/aliases and modifiy it to your needs :

root : slackware_user office: slackware_user

Now update your aliases database issuing the command :

# postalias hash:/etc/postfix/aliases

It is now time to make our important configurations for Postfix in order for it to run.

# joe /etc/postfix/main.cf myhostname = mx.yourdomain.tld mydomain = yourdomain.tld myorigin = $mydomain inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain mynetworks = 127.0.0.0/8

Let's now configure Postfix to authenticate users using SASL

# mkdir /etc/sasl2 # cd /etc/sasl2 # touch smtpd.conf # joe smtpd.conf

pwcheck_method: saslauthd mech_list: PLAIN LOGIN

Now let's configure Postfix to have users authenticate using SASL. Edit /etc/postfix/main.cf and add the folowing code to the end of the file :

smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

Let's start the daemons and test our configurations until now:

# saslauthd -a shadow

SlackDocs - https://docs.slackware.com/ Last update: 2019/02/16 16:44 howtos:network_services:postfix_with_cyrus https://docs.slackware.com/howtos:network_services:postfix_with_cyrus (UTC) # postfix start

Then from another machine telnet into your mail server on port 25 and issue the following commands :

# telnet mx.mailserver.com 25 ehlo user.mailserver.tld 250-mx.mailserver.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN AUTH PLAIN Y4R0QYxpcuHsFBRbbGjnPHIwYjB0MWrpMTk7La== 235 2.7.0 Authentication successful MAIL FROM: 250 2.1.0 Ok RCPT TO: 250 2.1.5 Ok DATA 354 End data with . HI. This mail is a test . . 250 2.0.0 Ok: queued as 4C0EE221E93 QUIT

In order to find out the string after AUTH PLAIN enter the commandprintf 'user\0user\0password' | mmencode on your mail server, where user is your username and password is your password

Rember to put the “.” at the end so the mail can be sent to qeue daemon

Installing Mail Delivery and Cyrus IMAP

# cd /tmp # mkdir cyrus-imap # cd cyrus-imap # wget http://cyrusimap.org/releases/cyrus-imapd-2.4.12.tar.gz # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/README # wget

https://docs.slackware.com/ Printed on 2021/07/27 18:06 (UTC) 2021/07/27 18:06 (UTC) 5/8 Making Slackware Mail Server

http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/README.SLACKWAR E # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/cyrus-imapd.Sla ckBuild # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/cyrus-imapd.inf o # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/doinst.sh # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/imapd.conf # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/patches # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/rc.cyrus-imapd # wget http://slackbuilds.org/slackbuilds/13.37/network/cyrus-imapd/slack-desc # mkdir patches # cd patches/ # wget http://mirrors.vbi.vt.edu/mirrors/linux/slackbuilds/13.37/network/cyrus-imap d/patches/cyrus-imapd-2.4.4-autocreate-0.10-0-sv1.patch # wget http://mirrors.vbi.vt.edu/mirrors/linux/slackbuilds/13.37/network/cyrus-imap d/patches/cyrus-imapd-2.4.4-autosieve-0.6.0-sv1.patch # cd /tmp/cyrus-imap # groupadd -g 238 cyrus # useradd -d /var/imap -s /bin/sh -u 238 -g 238 cyrus -G mail # sh cyrus-imapd.SlackBuild # installpkg /tmp/cyrus-imapd-2.4.12-x86_64-1_SBo.tgz # mkdir -m 750 -p /var/imap /var/spool/imap /var/sieve # chown cyrus:mail /var/imap /var/spool/imap /var/sieve # su - cyrus # /usr/doc/cyrus-imapd-2.4.12/tools/mkimap # su - root

Edit /etc/imapd.conf and add the following lines:

sasl_mech_list: PLAIN LOGIN allowplaintext: yes

Edit /etc/postfix/main.cf and at mailbox_transport add the following:

mailbox_transport = lmtp:unix:/var/imap/socket/lmtp

The last step to do is to add users to your imap server. For that you need to issue these commands :

# passwd cyrus and add a password for cyrus user

SlackDocs - https://docs.slackware.com/ Last update: 2019/02/16 16:44 howtos:network_services:postfix_with_cyrus https://docs.slackware.com/howtos:network_services:postfix_with_cyrus (UTC)

# cyradm --user cyrus --server localhost --auth plain localhost>cm user.slackware_user localhost>lm localhost> quit

slackware_user is the user you have created in your slackware machine

At this point we have an functional Mail Server but with users authenticating in plain text . So the next step is innevitabile.

SSL / TLS Postfix and Cyrus

Let's start by creating our certificates and configuring POSTFIX to use STARTTLS.

# cd /etc/ssl # misc/CA.pl -newca ( complete all entries) # openssl req -new -nodes -keyout mailkey.pem -out mailreq.pem -days 36500 # openssl ca -out mail_signed_cert.pem -infiles mailreq.pem # cp /etc/ssl/mailkey.pem /etc/postfix # cp /etc/ssl/mail_signed_cert.pem /etc/postfix # chown root /etc/postfix/mailkey.pem # chmod 400 /etc/postfix/mailkey.pem # cp /etc/ssl/demoCA/cacert.pem /etc/postfix

Now add the followings to /etc/postfix/main.cf :

smtpd_use_tls = yes smtpd_tls_key_file = /etc/postfix/mailkey.pem smtpd_tls_cert_file = /etc/postfix/mail_signed_cert.pem smtpd_tls_CAfile = /etc/postfix/cacert.pem

In /etc/postfix/master.cf delete the “#” sign from smtps and the next two columns from it

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes

Now let's configure IMAP to use STARTTLS

# openssl req -new -nodes -out req.pem -keyout key.pem

https://docs.slackware.com/ Printed on 2021/07/27 18:06 (UTC) 2021/07/27 18:06 (UTC) 7/8 Making Slackware Mail Server

# openssl rsa -in key.pem -out new.key.pem # openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 36500 # cp new.key.pem /var/imap/server.pem # rm new.key.pem # cat ca-cert >> /var/imap/server.pem # chown cyrus:mail /var/imap/server.pem # chmod 600 /var/imap/server.pem # echo tls_ca_file: /var/imap/server.pem >> /etc/imapd.conf # echo tls_cert_file: /var/imap/server.pem >> /etc/imapd.conf # echo tls_key_file: /var/imap/server.pem >> /etc/imapd.conf

Adding daemons to rc.local

Now the last step is to add all daemons to rc.local so they can start when machine boots. So open /etc/rc.d/rc.local and add these lines :

# Starting saslauthd daemon if [ ! -r /var/state/saslauthd/saslauthd.pid ]; then echo "Starting SASL authentication daemon: /usr/sbin/saslauthd -a shadow" /usr/sbin/saslauthd -a shadow fi

# Starting IMAP daemon if [ -x /usr/libexec/cyrus/master ]; then echo "Starting Cyrus IMAP daemon: /usr/libexec/cyrus/master" /etc/rc.d/rc.cyrus-imapd start fi

# Starting POSTFIX daemon /etc/rc.d/rc.postfix start

Sources

Postfix The Definitive Guide, Kyle D. Dent, O'Reilly Managing IMAP, Dianna Mullet & Kevin Mullet, O'Reilly Official Postfix Documentation, [[http://www.postfix.org/documentation.html]] howtos, author badirca

SlackDocs - https://docs.slackware.com/ Last update: 2019/02/16 16:44 howtos:network_services:postfix_with_cyrus https://docs.slackware.com/howtos:network_services:postfix_with_cyrus (UTC)

From: https://docs.slackware.com/ - SlackDocs

Permanent link: https://docs.slackware.com/howtos:network_services:postfix_with_cyrus

Last update: 2019/02/16 16:44 (UTC)

https://docs.slackware.com/ Printed on 2021/07/27 18:06 (UTC)